Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

As reported in last month’s blog, after five years work, government ministers from the 12 Trans-Pacific Partnership (TPP) countries announced the conclusion of their TPP trade negotiations. The result of the talks is a free trade agreement that seeks to liberalise trade and investment between 12 Pacific Rim countries.

The negotiations were shrouded in secrecy but, after a further month to enable officials to write up the results of last minute horse-trading, the text has been made public.

While people new to the topic may expect to see reference to privacy in international instruments on human rights such as in the United Nations International Covenant on Civil and Political Rights, they may at first be surprised to find it in a trade treaty. But on reflection they will realise that information underpins so much of business and trade these days.

The part of TPP most relevant to privacy is Chapter 14: Electronic Commerce. More particularly, Article 14.8 (Personal Information Protection) which should be read together with the preceding Article 14.7 (Online Consumer Protection).

Article 14.7: Online consumer protection

1. The parties recognise the importance of adopting and maintaining transparent and effective measures to protect consumers from fraudulent and deceptive commercial activities as referred to in Article 16.7.2 (Consumer Protection) when they engage in electronic commerce.

2. Each party shall adopt or maintain consumer protection laws to proscribe fraudulent and deceptive commercial activities that cause harm or potential harm to consumers engaged in online commercial activities.

3. The parties recognise the importance of cooperation between their respective national consumer protection agencies or other relevant bodies on activities related to cross-border electronic commerce in order to enhance consumer welfare. To this end, the parties affirm that the cooperation sought under Article 16.7.5 and Article 16.7.6 (Consumer Protection) includes cooperation with respect to online commercial activities.

Article 14.8: Personal information protection

1. The parties recognise the economic and social benefits of protecting the personal information of users of electronic commerce and the contribution that this makes to enhancing consumer confidence in electronic commerce.

2. To this end, each party shall adopt or maintain a legal framework that provides for the protection of the personal information of the users of electronic commerce. In the development of its legal framework for the protection of personal information, each party should take into account principles and guidelines of relevant international bodies.

3. Each party shall endeavour to adopt non-discriminatory practices in protecting users of electronic commerce from personal information protection violations occurring within its jurisdiction.

4. Each party should publish information on the personal information protections it provides to users of electronic commerce, including how:

(a) individuals can pursue remedies; and

(b) business can comply with any legal requirements.

5. Recognising that the parties may take different legal approaches to protecting personal information, each party should encourage the development of mechanisms to promote compatibility between these different regimes. These mechanisms may include the recognition of regulatory outcomes, whether accorded autonomously or by mutual arrangement, or broader international frameworks. To this end, the parties shall endeavour to exchange information on any such mechanisms applied in their jurisdictions and explore ways to extend these or other suitable arrangements to promote compatibility between them.

Article 14.8 includes two footnotes:

A note to Article 14.8 provides that “Brunei Darussalam and Viet Nam are not required to apply this article before the date on which that party implements its legal framework that provides for the protection of personal data of the users of electronic commerce”. This would seem to imply that the other TPP states (Australia, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, United States, and Vietnam) are confident that their existing legal frameworks meet the requirements of the article.

The further note is attached to article 14.8(2) and states that “for greater certainty, a party may comply with the obligation in this paragraph by adopting or maintaining measures such as a comprehensive privacy, personal information or personal data protection laws, sector-specific laws covering privacy, or laws that provide for the enforcement of voluntary undertakings by enterprises relating to privacy”. This note recognises the diversity of legal approaches to privacy protection across the TPP economies from the sectoral approach of the United States to the omnibus laws in Australia and New Zealand.

Comments

No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.